From mboxrd@z Thu Jan 1 00:00:00 1970 From: Oliver Fuhrer To: development@lists.ipfire.org Subject: RE: [PATCH v2] BUG 11696: VPN Subnets missing from wpad.dat Date: Wed, 22 May 2019 21:52:57 +0200 Message-ID: <00a401d510d7$f4cb60c0$de622240$@bluewin.ch> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1536058554806638956==" List-Id: --===============1536058554806638956== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Michael > Yes please. >=20 > It would be great to have this all coming in one patchset in the future. Th= at > keeps noise on the list down and allows us to review the whole thing in one > go. >=20 OK, I'll then combine this enhancement patch with a fix for Bug #11047 and so= me code improvement for #11614, however it might take a couple of days until = this ready to be sent. > Are you planning to move this into a function that you will call from the > various CGI files? >=20 I had a look at the code and I think, I hopefully got it right by moving my c= ode to general-functions.pl Oliver > -Michael >=20 > > On 20 May 2019, at 16:31, Oliver Fuhrer wrot= e: > > > > Hi Michael, > > You're welcome. > > I have been poking around in vpnmain.cgi and ovpnmain.cgi to > automatically update the wpad.dat file upon tunnel > add/delete/enable/disable. > > Should I send this one as feature? > > > > Regards > > Oliver > > > >> > >> Hi, > >> > >> Thank you for rebasing this patch. It applies and is merged! > >> > >> -Michael > >> > >>> On 19 May 2019, at 14:30, Oliver Fuhrer > wrote: > >>> > >>> This patch fixes the behavior in 11696 and adds IPSEC and OpenVPN n2n > >> subnets to wpad.dat so they don't pass through the proxy. > >>> --- > >>> Hi List, > >>> New version of the patch, this one has been created against next branch > >> and successfully tested on a fresh build. > >>> > >>> Regards > >>> Oliver > >>> > >>> html/cgi-bin/proxy.cgi | 25 +++++++++++++++++++++++++ > >>> 1 file changed, 25 insertions(+) > >>> > >>> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi > >>> index 91e4fce..b639640 100644 > >>> --- a/html/cgi-bin/proxy.cgi > >>> +++ b/html/cgi-bin/proxy.cgi > >>> @@ -2848,6 +2848,10 @@ sub write_acls > >>> > >>> sub writepacfile > >>> { > >>> + my %vpnconfig=3D(); > >>> + my %ovpnconfig=3D(); > >>> + &General::readhasharray("${General::swroot}/vpn/config", > >> \%vpnconfig); > >>> + &General::readhasharray("${General::swroot}/ovpn/ovpnconfig", > >> \%ovpnconfig); > >>> open(FILE, ">/srv/web/ipfire/html/proxy.pac"); > >>> flock(FILE, 2); > >>> print FILE "function FindProxyForURL(url, host)\n"; > >>> @@ -2910,6 +2914,27 @@ END > >>> } > >>> } > >>> > >>> + foreach my $key (sort { uc($vpnconfig{$a}[1]) cmp > >> uc($vpnconfig{$b}[1]) } keys %vpnconfig) { > >>> + if ($vpnconfig{$key}[0] eq 'on' && $vpnconfig{$key}[3] ne > >> 'host') { > >>> + my @networks =3D split(/\|/, $vpnconfig{$key}[11]); > >>> + foreach my $network (@networks) { > >>> + my ($vpnip, $vpnsub) =3D split("/", $network); > >>> + $vpnsub =3D > >> &Network::convert_prefix2netmask($vpnsub) || $vpnsub; > >>> + print FILE " (isInNet(host, \"$vpnip\", > >> \"$vpnsub\")) ||\n"; > >>> + } > >>> + } > >>> + } > >>> + > >>> + foreach my $key (sort { uc($ovpnconfig{$a}[1]) cmp > >> uc($ovpnconfig{$b}[1]) } keys %ovpnconfig) { > >>> + if ($ovpnconfig{$key}[0] eq 'on' && $ovpnconfig{$key}[3] ne > >> 'host') { > >>> + my @networks =3D split(/\|/, $ovpnconfig{$key}[11]); > >>> + foreach my $network (@networks) { > >>> + my ($vpnip, $vpnsub) =3D split("/", $network); > >>> + print FILE " (isInNet(host, \"$vpnip\", > >> \"$vpnsub\")) ||\n"; > >>> + } > >>> + } > >>> + } > >>> + > >>> print FILE < >>> (isInNet(host, "169.254.0.0", "255.255.0.0")) > >>> ) > >>> -- > >>> 1.8.3.1 > >>> > > > > --===============1536058554806638956==--